[common] Support for adding resources to Addons #27351

Open
2 tasks done
alfi0812 opened this issue Sep 24, 2024 · 4 comments
Labels
enhancement New feature or request

Comments

@alfi0812
Collaborator

alfi0812 commented Sep 24, 2024

Is your feature request related to a problem?

Talos 1.8 no longer exposes the tunnel interface and it needs to be added as a resource to the vpn container.
https://github.com/siderolabs/talos/releases

Describe the solution you'd like

Add an option for addons to include resources, as is already possible for the main pod.

Describe alternatives you've considered

Manually adding the deployment.

Additional context

No response

I've read and agree with the following

  • I've checked all open and closed issues and my request is not there.
  • I've checked all open and closed pull requests and my request is not there.
@alfi0812 alfi0812 added the enhancement New feature or request label Sep 24, 2024
@stavros-k
Collaborator

It should be for all addons, but yea

@stavros-k stavros-k self-assigned this Sep 24, 2024
@alfi0812 alfi0812 changed the title from "Support for adding resources to Gluetun Addon" to "Support for adding resources to Addons" Sep 24, 2024
@PrivatePuffin
Member

Addons and dependencies need a complete refactor/rewrite, creating a standardized interface for them

@PrivatePuffin PrivatePuffin changed the title from "Support for adding resources to Addons" to "[common] Support for adding resources to Addons" Oct 7, 2024
@PrivatePuffin PrivatePuffin transferred this issue from another repository Oct 7, 2024
@likeaninja5

Here's the workaround until addons are reworked, adapted from https://www.talos.dev/v1.8/kubernetes-guides/configuration/device-plugins/.

Apply this file to expose /dev/net/tun on your nodes

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: tun-device
  namespace: kube-system
  labels:
    app.kubernetes.io/name: tun-device
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: tun-device
  template:
    metadata:
      labels:
        app.kubernetes.io/name: tun-device
    spec:
      priorityClassName: system-node-critical
      tolerations:
      - operator: "Exists"
        effect: "NoExecute"
      - operator: "Exists"
        effect: "NoSchedule"
      containers:
      - image: squat/generic-device-plugin
        args:
        - --device
        - |
          name: tun
          groups:
            - count: 1000
              paths:
                - path: /dev/net/tun
        name: tun-device
        resources:
          requests:
            cpu: 50m
            memory: 10Mi
          limits:
            cpu: 50m
            memory: 20Mi
        ports:
        - containerPort: 8080
          name: http
        securityContext:
          privileged: true
        volumeMounts:
        - name: device-plugin
          mountPath: /var/lib/kubelet/device-plugins
        - name: dev
          mountPath: /dev
      volumes:
      - name: device-plugin
        hostPath:
          path: /var/lib/kubelet/device-plugins
      - name: dev
        hostPath:
          path: /dev
  updateStrategy:
    type: RollingUpdate

kubectl -n kube-system apply -f FILE_NAME.yaml

Verify with kubectl describe node NODE_NAME; you should see squat.ai/tun under resources.

Then apply this patch to your broken deployment:

spec:
  template:
    spec:
      containers:
      - name: VPN_CONTAINER_NAME
        resources:
          limits:
            squat.ai/tun: "1"

kubectl -n NAMESPACE patch --patch-file PATCH_FILE.yaml deployment DEPLOYMENT_NAME
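
Added example, not part of the comment above or of the project's code: a Python check over `kubectl get deployment DEPLOYMENT_NAME -o json` output that confirms the VPN container obtains its tun device through the `squat.ai/tun` limit from the workaround, rather than through `privileged: true` or a host `/dev` mount. The container name `vpn`, the function names and both sample deployments are constructed for illustration.

```python
import json

TUN_RESOURCE = "squat.ai/tun"  # extended resource named in the workaround above

def _is_dev_path(path):
    path = path.rstrip("/")
    return path == "/dev" or path.startswith("/dev/")

def audit_tun_access(deployment, container_name, resource=TUN_RESOURCE):
    """Return findings for one container of a Deployment (parsed JSON)."""
    pod = deployment["spec"]["template"]["spec"]
    container = next((c for c in pod.get("containers", [])
                      if c.get("name") == container_name), None)
    if container is None:
        return [f"container {container_name!r} not found"]
    findings = []
    res = container.get("resources") or {}
    limit = (res.get("limits") or {}).get(resource)
    request = (res.get("requests") or {}).get(resource)
    if limit is None:
        findings.append(f"no {resource} limit: kubelet will not allocate the tun device")
    elif not str(limit).isdigit() or int(limit) < 1:
        findings.append(f"{resource} limit must be a positive integer, got {limit!r}")
    # Extended resources cannot be overcommitted: a request, if set, must equal the limit.
    if request is not None and str(request) != str(limit):
        findings.append(f"{resource} request must equal its limit")
    if (container.get("securityContext") or {}).get("privileged"):
        findings.append("container is privileged: sees every host device, not only tun")
    host_dev = {v["name"] for v in pod.get("volumes", [])
                if _is_dev_path((v.get("hostPath") or {}).get("path", ""))}
    for mount in container.get("volumeMounts", []):
        if mount.get("name") in host_dev:
            findings.append(f"volume {mount['name']!r} mounts host /dev directly")
    return findings

# Constructed sample input, shaped like `kubectl get deployment -o json` output.
PATCHED = json.loads("""{"spec": {"template": {"spec": {"containers": [
  {"name": "vpn", "resources": {"limits": {"squat.ai/tun": "1"}}}]}}}}""")
LEGACY = json.loads("""{"spec": {"template": {"spec": {
  "volumes": [{"name": "dev", "hostPath": {"path": "/dev"}}],
  "containers": [{"name": "vpn",
    "securityContext": {"privileged": true},
    "volumeMounts": [{"name": "dev", "mountPath": "/dev"}]}]}}}}""")

if __name__ == "__main__":
    for label, dep in (("patched", PATCHED), ("legacy", LEGACY)):
        print(label, audit_tun_access(dep, "vpn") or "ok")
```
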

@kqmaverick
Collaborator

This was more of a tracking issue and the above is already on the truecharts.org website. Thanks for trying to help though.
